US6915425B2 - System for permitting off-line playback of digital content, and for managing content rights - Google Patents

System for permitting off-line playback of digital content, and for managing content rights Download PDF

Info

Publication number
US6915425B2
US6915425B2 US09/739,076 US73907600A US6915425B2 US 6915425 B2 US6915425 B2 US 6915425B2 US 73907600 A US73907600 A US 73907600A US 6915425 B2 US6915425 B2 US 6915425B2
Authority
US
United States
Prior art keywords
content file
license
content
playback
instructions
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US09/739,076
Other versions
US20020108049A1 (en
Inventor
Bin Xu
Weijun Li
Kyle Smith
Dalun Bao
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SafeNet Data Security Israel Ltd
Original Assignee
Aladdin Knowledge Systems Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aladdin Knowledge Systems Ltd filed Critical Aladdin Knowledge Systems Ltd
Priority to US09/739,076 priority Critical patent/US6915425B2/en
Assigned to PREVIEW SYSTEMS, INC. reassignment PREVIEW SYSTEMS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BAO, DALUN, LI, WEIJUN, SMITH, KYLE, XU, BIN
Assigned to ALADDIN KNOWLEDGE SYSTEMS, LTD. reassignment ALADDIN KNOWLEDGE SYSTEMS, LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PREVIEW SYSTEMS, INC.
Publication of US20020108049A1 publication Critical patent/US20020108049A1/en
Priority to US11/165,995 priority patent/US20060021068A1/en
Application granted granted Critical
Publication of US6915425B2 publication Critical patent/US6915425B2/en
Assigned to DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERAL AGENT reassignment DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERAL AGENT FIRST LIEN PATENT SECURITY AGREEMENT Assignors: ALLADDIN KNOWLEDGE SYSTEMS LTD.
Assigned to DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERAL AGENT reassignment DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERAL AGENT SECOND LIEN PATENT SECURITY AGREEMENT Assignors: ALLADDIN KNOWLEDGE SYSTEMS LTD.
Assigned to SAFENET DATA SECURITY (ISRAEL) LTD. reassignment SAFENET DATA SECURITY (ISRAEL) LTD. CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: ALADDIN KNOWLEDGE SYSTEMS LTD.
Assigned to ALADDIN KNOWLEDGE SYSTEMS LTD reassignment ALADDIN KNOWLEDGE SYSTEMS LTD SECOND LIEN PATENT SECURITY AGREEMENT RELEASE Assignors: DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERAL AGENT
Assigned to ALADDIN KNOWLEDGE SYSTEMS LTD reassignment ALADDIN KNOWLEDGE SYSTEMS LTD FIRST LIEN PATENT SECURITY AGREEMENT RELEASE Assignors: DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERAL AGENT
Adjusted expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Definitions

  • This invention relates to the field of information processing and more particularly to systems for implementing off-line digital management rights.
  • Unauthorized copying and use of content providers works deprives rightful owners of billions of dollars according to a well-known source. Unauthorized copying is apportibated because consumers can easily retrieve content, and technology is available for perfectly reproducing content.
  • a number of mechanisms have been developed to protect against unauthorized access and duplication and to provide digital rights management.
  • One method is a digital rights management system that allows a set of rules to determine how the content is used.
  • Another method (for software) for curbing unauthorized duplication is the use of a scheme which provides software tryouts or demos that typically work and expire after a specific duration.
  • Other methods use a copy protection scheme that limits the number of copies that a user can make, after which additional copying results in corrupt copies.
  • an alternate scheme requires the presence of a license on a client workstation for the software to operate.
  • Encryption is the conversion of data into an unintelligible form, e.g., ciphertext, that cannot be easily understood by unauthorized users.
  • Decryption is the process of converting encrypted content back into its original form such that the it becomes intelligible.
  • Simple ciphers include the rotation of letters in the alphabet, the substitution of letters for numbers, and the “scrambling” of voice signals by inverting the sideband frequencies. More complex ciphers work according to sophisticated computer algorithms that rearrange the data bits in digital information content.
  • the key is an algorithm that decodes the work of the encryption algorithm.
  • key schemes for encryption/decryption systems namely (1) Public Key Systems (PKS) or asymmetric systems which utilize two different keys, one for encryption, or signing, and one for decryption, or verifying; and (2) nonpublic key systems that are known as symmetric, or secret key, systems.
  • PPS Public Key Systems
  • asymmetric systems which utilize two different keys, one for encryption, or signing, and one for decryption, or verifying
  • nonpublic key systems that are known as symmetric, or secret key, systems.
  • a system for permitting off-line playback of digital content files, and for managing related content rights comprises a content builder for encrypting the content files to prevent unauthorized access to the files, and a license module for generating a license which authorizes the user to playback the file.
  • the system permits verification of the license while the user is offline, and permits decryption of the content file to permit offline playback of the content files.
  • the system comprises a method for permitting offline playback of a content file on a user computing device upon offline verification of the terms of a license for authorizing the playback of the content file.
  • the method comprises the steps of identifying the license by using one or more information fields within the header, verifying the terms of the license locally on the user computing device while the user is offline, retrieving from the license, a session key for decrypting the content file, retrieving from the license, a segment which is part of the content file, decrypting the content file using the session key to permit playback of the content file for a single session, and combining the segment with the content file to permit playback of the content file.
  • FIG. 1 is a block diagram of a system that provides a content encryption functionality according to the present invention.
  • FIG. 2 is an exemplary schematic block diagram of a delivery system that functions to deliver encrypted content files for storage within an end user disk.
  • FIG. 3 is a block diagram of a system for permitting off-line license verification to enable playback of encrypted content files according to the present invention.
  • FIG. 4 is a block diagram of a system for acquiring a license which authorizes a user to playback a content file.
  • FIG. 5A is an illustration of a computer system including a display having a display screen.
  • FIG. 5B illustrates subsystems that might typically be found in a computer such as computer 1 .
  • FIG. 5C is a generalized diagram of a typical communication network.
  • a system for enabling the off-line playback of content files by an authorized user system, and for managing the rights to digital content files within a computer network includes a content builder for encrypting the content files to prevent unauthorized access to the files.
  • the system encrypts the files by using one or more keys which are associated with one or more segments of the content file. These keys enable an authorized user to decrypt and playback the content files at a subsequent time.
  • the keys When the keys are received by an end user's system, it retrieves a license from a license server which specifies the rights of the user as it relates to the content files. Therefore, at the very least, one or more keys and a license are required in order for a user to play back a content file.
  • the present system manages digital rights pertaining to such content files in accordance with one embodiment of the present invention.
  • the term “content” refers to digital information. The present invention will be further understood with reference to the diagrams and descriptions which follow.
  • FIG. 1 is a block diagram of system 100 that provides a content encryption functionality according to the present invention.
  • system 100 comprises DRM key module 112 for associating the information contained within a content file with a license, database 102 for storing key sheaves received from content builder 112 , content builder module 116 for encrypting one or more digital files, and DRM encoder 110 for coordinating encryption as well as providing a header, without limitation.
  • content builder 116 receives a single unencrypted content file 106 (or multiple unencrypted content files 108 ) for encryption.
  • Example of content files 106 are musical recordings and audio or video images. Further, content files 106 may be may be from third party sources or directly from the content providers.
  • content builder 116 utilizes an encryption algorithm to implement the encryption process. In one embodiment, this process is accomplished by segmenting content file 106 into variable segments, each segment being encrypted with a separate key.
  • a “key” may be a variable value that is applied to content file 106 using an algorithm to produce encryption text. A single key or multiple keys having constant or variable lengths may be employed depending on which embodiment is implemented.
  • the keys are saved in database 102 for later retrieval during the playback process.
  • database 102 is an industry standard database system such as Oracle 8TM available from Oracle, Inc.®
  • Content builder 116 also functions to interact with database 102 to create the necessary information to enable the sale, distribution and tracking of the content within system 100 .
  • content builder 116 removes a portion of content file 106 and in its place inserts a header (not shown), supplied by DRM encoder 110 .
  • the removed portion is thereafter added to a license file for authorizing playback of the content file 106 . Therefore, the removed portion is considered part of the keys.
  • the removed portion may be added to a pre-configured license, the terms of which are predefined.
  • the pre-configured license is then retrieved when its terms are the same as the user's transaction.
  • the removed portion may be saved and later added to a license which is generated on the fly during the playback process. In any event, once the license is obtained, the removed portion is thereafter recombined with the original content portion during the playback process.
  • removing a portion of content file 106 also provides a measure of extra security as the removed portion of content file 106 remains unavailable until decryption time. Therefore, copying encrypted content to another machine is completely useless without the back binding license. In this manner, the process of seeking a specific location in content file 106 during the decryption process is simplified.
  • the header within content file 106 contains information fields such as the license name, the content file identification, and the license server URL (uniform resource locator).
  • the license name field enables content file 106 to be associated with the license file (containing the removed content portion).
  • the content identification field identifies the content file 106 while the license server URL points to the address of the license server where the license is generated (or located).
  • a multiple-field header is not shown, one of ordinary skill in the art will realize that the header may contain multiple fields for identifying various types of information other than those referenced above.
  • FIG. 2 is an exemplary schematic block diagram of delivery system 200 that functions to deliver encrypted content 204 files for storage within end user disk 210 . After storage, encrypted content 204 may be retrieved when the user desires to playback the files.
  • delivery system 200 comprises content server 202 for generating encrypted content 204 , interactive web player 212 for playing the content file, and DRM proxy 208 which handles client to server communication.
  • DRM proxy 208 functions to retrieve content 204 from content server 202 , using a receipt 206 . It should be noted that DRM proxy 208 is separate and apart from content player 212 because frequent modifications to the DRM proxy 208 may be carried out as proves necessary, without modifying other components.
  • a module which implements the functionality of DRM proxy 208 may be combined with content player 212 , in which case, content player 211 functions as single unit that retrieves and plays the encrypted content file.
  • content players which are currently available on the market are Quicktime 4TM available from Apple Computer, Inc.®, RealPlayerTM available from RealNetworks, Inc.® and Shockwave 7TM available from MacroMedia, Inc.®.
  • Quicktime 4TM available from Apple Computer, Inc.®
  • RealPlayerTM available from RealNetworks, Inc.®
  • Shockwave 7TM available from MacroMedia, Inc.®.
  • FIG. 3 is a block diagram of system 300 for permitting off-line license verification to enable playback of encrypted content files 304 according to the present invention.
  • system 300 comprises a number of components, namely, content server 302 for encrypting and uploading content files 304 , content player 308 for enabling playback of the content files, and player module 310 for decoding the encrypted content file.
  • content files 304 are delivered to and stored on the user's local disk.
  • a license (not shown) that grants the rights to play the content is also downloaded and stored within license store 318 .
  • the user may defer playback of the content, until a subsequent time that is convenient. It should be observed that content files 304 as well as the license remain encrypted, and are dynamically decrypted on the fly whenever the user initiates playback.
  • content player 308 Upon initiation of the off-line playback process (via a user interface, not shown, for example), content player 308 begins by retrieving a first portion of encrypted content files 304 from the user's local disk.
  • the first portion of the retrieved content file contains a content header (described in FIG. 1 ) for identifying a license name, a content identification, or a license server URL among other information.
  • the first portion is handed over to player module 310 , which begins to coordinate the decryption of content files 304 .
  • Player module 310 contacts DRM core 314 to request a session key for decrypting the content files.
  • DRM core 314 must identify the appropriate license. This is accomplished by reading the content header to identify the license name, and the content identification. In an alternate embodiment, when the license is not stored locally, the header may contain the URL of a license server (not shown) wherein the license is located. In addition, license data generator 316 provides DRM core 314 with a machine identification which is unique to the end user's machine for comparison with the header information.
  • DRM core 314 retrieves the license from license store 318 .
  • DRM core 314 verifies the terms of the license, and retrieves the session key which is contained within the license.
  • the session key is a single session key, meaning that it enables playback of the encrypted files only for a single session.
  • DRM core 314 passes the key securely back to player module 310 .
  • player module 310 forwards the key and encrypted content files 304 to DRM decoder 312 which executes the decryption process and returns the decrypted files to player module 310 .
  • content player 310 passes the decrypted content files content player 308 for playback. In this manner, the present invention permits license verification while the user is offline.
  • the preceding steps are only performed for the first portion of encrypted content after which subsequent portions are automatically played back. Further, it should be observed that there are implications for the player module 310 when it hands encrypted content to the decoder module 312 , because content is encrypted on a frame-by-frame basis. This makes seeking a specific location and the content a little more difficult and, as such, the decoder module may be provided with API (application programming interface) to aid the caller in dealing with these frames. In this manner, the present invention enables system 300 to upload encrypted content files 304 and play back those content files using a content player module 310 .
  • system 300 allows only authorized users to playback content files in accordance with one embodiment.
  • FIG. 4 is a block diagram of system 400 for acquiring a license which authorizes the user to playback a content file.
  • system 400 includes client and server sides 422 and 420 .
  • client side 422 includes DRM proxy 404 for preparing data for a license request, module 406 for building a license request message, DRM core 408 for obtaining machine specific information from license data generator 410 , and license database 412 for storing license files.
  • the user purchases content such as music recordings (for example) from the store front at a website (not shown).
  • content such as music recordings (for example)
  • Numerous websites are available for purchasing various types of digital content including Disney.com®, Sony.com®, and Shockwave.com®, for example.
  • the user Using a web browser or a program that is capable of posting a web form to server 416 , the user initiates the transaction with the appropriate website.
  • the transaction typically involves several round trips to the web site with the transaction concluding with a request for a box file 402 .
  • Box file 402 is a file that describes the content requested by the user, and in one embodiment has a .cBox extension.
  • DRM proxy 404 contains a box file handler and is registered with system 400 as the handler for files with the .cBox extension.
  • DRM proxy 404 directs module 406 to build a license request message for forwarding to license server 416 .
  • this request is in XML (extensible markup language) format.
  • Module 406 queries the machine identification to be included in the license request.
  • DRM proxy 404 starts a network job which sends the license request message to license server 416 .
  • License server 416 in one embodiment is a CGI (common gateway interface) program available through license server 416 .
  • license server 416 Upon receipt of the license request, license server 416 verifies that the content file has been purchased prior to continuing with the processing of the license request.
  • data base 414 contains the terms of the license along with the keys for decrypting the content file. These terms are retrieved and forwarded to license generator 418 . It should be observed that a different license generator is implemented for each digital rights management solution being employed on client side 422 . License generator 418 generates the license which includes the terms of the license. Also included within the license, are the keys for decrypting the content file.
  • the content decryption keys are bound to the particular machine located on the client side 422 .
  • particular information that is unique to the machine such as the machine identification number is bound to the license.
  • the present invention implements a machine-binding solution which allows digital content playback only on a particular machine.
  • license server 416 Upon receiving the license from license generator 418 , license server 416 forwards the license over the network to DRM proxy 404 .
  • DRM proxy forwards the license to module 406 for DRM-specific processing.
  • DRM core 408 retrieves the license and stores the license within database 412 .
  • the process for retrieving a license may occur subsequent to a purchase transaction such as when the user wishes to play back content offline.
  • license acquisition can also occur when there is no financial transaction involved; for example, when the user requests a trial license.
  • a trial license permits a user to utilize the content files for a specific period after which the trial license expires. Table 1 below illustrates exemplary steps taken by system 400 to acquire a license when there is no financial transaction involved.
  • a content player (not shown) asks DRM core 408 to play a content.
  • DRM core 408 checks its local store, e.g., license store 412, and finds there is no valid license available (it finds no license or license is expired).
  • DRM core 408 fields a license request message with the machine identification.
  • DRM core 408 invokes DRM proxy 404 to send a license request message.
  • DRM proxy starts a network job to send a license request message to license server 416.
  • License server 416 presents a page to collect license terms desired by the user and supported by system 400 before continuing with the processing of license request. 7. The terms of the license are collected and sent to data base 414.
  • the license request along with the terms of the license and keys for decryption, are retrieved from data base 414 and are dispatched to license generator 418. 9.
  • the license is generated from the obtained information.
  • the license data is returned to server 416.
  • License data is returned over the network to the DRM proxy 404.
  • DRM proxy 404 passes the license response message to DRM 406 for DRM-specific processing.
  • DRM module 406 via DRM core 408 saves the license data in its license store 412.
  • the present invention advantageously separates a portion of the content from the original content file until decryption time to prevent unauthorized content usage. Moreover, licenses are bound to particular machines so that copying the content to a machine other than the authorized machine is futile.
  • the present invention also utilizes a secure data channel in which the content keys are passed in secured format. Code obfuscation is used to hide code that handles decrypted data.
  • the system of the present invention manages rights to one or more digital content files within a computer network and limits the playback of such content files to an authorized user. Furthermore, the present invention facilitates distribution and content production, which ultimately results in a shorter product development cycle.
  • FIG. 5A is an illustration of computer system 1 including display 3 having display screen 5 .
  • Cabinet 7 houses standard computer components (not shown) such as a disk drive, CDROM drive, display adapter, network card, random access memory (RAM), central processing unit (CPU), and other components, subsystems and devices.
  • User input devices such as mouse 11 having buttons 13 , and keyboard 9 are shown.
  • Other user input devices such as a trackball, touch-screen, digitizing tablet, etc. can be used.
  • the computer system is illustrative of but one type of computer system, such as a desktop computer, suitable for use with the present invention.
  • Computers can be configured with many different hardware components and can be made in many dimensions and styles (e.g., laptop, palmtop, pen top, server, workstation, mainframe). Any hardware platform suitable for performing the processing described herein is suitable for use with the present invention.
  • FIG. 5B illustrates subsystems that might typically be found in a computer such as computer 1 .
  • subsystems within box 20 are directly interfaced to internal bus 22 .
  • Such subsystems typically are contained within the computer system such as within cabinet 7 of FIG. 5 A.
  • Subsystems include input/output (I/O) controller 24 , System Random Access Memory (RAM) 26 , Central Processing Unit (CPU) 28 , Display Adapter 30 , Serial Port 40 , Fixed Disk 42 and Network Interface Adapter 44 .
  • the use of bus 22 allows each of the subsystems to transfer data among the subsystems and, most importantly, with the CPU.
  • External devices can communicate with the CPU or other subsystems via bus 22 by interfacing with a subsystem on the bus.
  • Monitor 46 connects to the bus through Display Adapter 30 .
  • a relative pointing device (RPD) 48 such as a mouse connects through Serial Port 40 .
  • Some devices such as Keyboard 50 can communicate with the CPU by direct means without using the main data bus as, for example, via an interrupt controller and associated registers (not shown).
  • FIG. 5B is illustrative of but one suitable configuration. Subsystems, components or devices other than those shown in FIG. 5B can be added. A suitable computer system can be achieved without using all of the subsystems shown in FIG. 5 B. For example, a standalone computer need not be coupled to a network so Network Interface 44 would not be required. Other subsystems such as a CDROM drive, graphics accelerator, etc. can be included in the configuration without affecting the performance of the system of the present invention.
  • FIG. 5C is a generalized diagram of a typical network.
  • the network system 80 includes several local networks coupled to the Internet. Although specific network protocols, physical layers, topologies, and other network properties are presented herein, the present invention is suitable for use with any network.
  • computer USER1 is connected to Server1.
  • This connection can be by a network such as Ethernet, Asynchronous Transfer Mode, IEEE standard 1553 bus, modem connection, Universal Serial Bus, etc.
  • the communication link need not be a wire but can be infrared, radio wave transmission, etc.
  • Server1 is coupled to the Internet.
  • the Internet is shown symbolically as a collection of server routers 82 . Note that the use of the Internet for distribution or communication of information is not strictly necessary to practice the present invention but is merely used to illustrate a preferred embodiment, below. Further, the use of server computers and the designation of server and client machines is not crucial to an implementation of the present invention.
  • USER1 Computer can be connected directly to the Internet.
  • Server1's connection to the Internet is typically by a relatively high bandwidth transmission medium such as a T1 or T3 line.
  • other computers at 84 are shown utilizing a local network at a different location from USER1computer.
  • the computers at 84 are coupled to the Internet via Server2.
  • USER3 and Server3 represent yet a third installation.
  • a server is a machine or process that is providing information to another machine or process, i.e., the “client,” that requests the information.
  • a computer or process can be acting as a client at one point in time (because it is requesting information) and can be acting as a server at another point in time (because it is providing information).
  • Some computers are consistently referred to as “servers” because they usually act as a repository for a large amount of information that is often requested. For example, a World Wide Web (WWW, or simply, “Web”) site is often hosted by a server computer with a large storage capacity, high-speed processor and Internet link having the ability to handle many high-bandwidth communication lines.
  • WWW World Wide Web
  • a server machine will most likely not be manually operated by a human user on a continual basis, but, instead, has software for constantly, and automatically, responding to information requests.
  • some machines such as desktop computers, are typically thought of as client machines because they are primarily used to obtain information from the Internet for a user operating the machine.
  • the machine may actually be performing the role of a client or server, as the need may be.
  • a user's desktop computer can provide information to another desktop computer.
  • a server may directly communicate with another server computer.
  • this is characterized as “peer-to-peer,” communication.
  • processes of the present invention, and the hardware executing the processes may be characterized by language common to a discussion of the Internet (e.g., “client,” “server,” “peer”) it should be apparent that software of the present invention can execute on any type of suitable hardware including networks other than the Internet.
  • software of the present invention may be presented as a single entity, such software is readily able to be executed on multiple machines. That is, there may be multiple instances of a given software program, a single program may be executing on two or more processors in a distributed processing environment, parts of a single program may be executing on different physical machines, etc. Further, two different programs, such as a client and server program, can be executing in a single machine, or in different machines. A single program can be operating as a client for one information transaction and as a server for a different information transaction.

Abstract

A system for permitting offline content playback and for managing the rights to one or more digital content files within a computer network. The system manages these rights by encrypting the content files to prevent unauthorized access to the files. Encryption is accomplished by using one or more keys which are associated with one or more segments of the content file. These keys enable an authorized user to decrypt and playback the content files at a subsequent time. When the keys are received, a license which specifies the rights of the user regarding the content files, is obtained by the end user system, and verified locally to permit the content playback.

Description

CROSS-REFERENCE TO RELATED APPLICATION
This application is related to co-pending U.S. patent application Ser. No. 09/659,902, filed Sep. 12, 2000, entitled “System for Managing Rights and Permitting On-Line Playback of Digital Content” which is hereby incorporated by reference as if set forth in full in this application.
BACKGROUND OF THE INVENTION
This invention relates to the field of information processing and more particularly to systems for implementing off-line digital management rights.
Increased use of electronic computer networks, such as the Internet has resulted in a fundamental problem now facing content providers, namely, the problem of how to prevent the unauthorized use and distribution of digital content. These content providers include publishers of video games, music, books, medical information, information database providers, and providers of interactive web players. Examples of interactive web players currently available on the market are Quicktime 4™ available from Apple Computer, Inc.®, RealPlayer™ available from RealNetworks, Inc.® and Shockwave 7™ available from MacroMedia, Inc.®.
These content providers are concerned with getting compensated for their work. Unauthorized copying and use of content providers works deprives rightful owners of billions of dollars according to a well-known source. Unauthorized copying is exercebated because consumers can easily retrieve content, and technology is available for perfectly reproducing content.
A number of mechanisms have been developed to protect against unauthorized access and duplication and to provide digital rights management. One method is a digital rights management system that allows a set of rules to determine how the content is used. Another method (for software) for curbing unauthorized duplication is the use of a scheme which provides software tryouts or demos that typically work and expire after a specific duration. Other methods use a copy protection scheme that limits the number of copies that a user can make, after which additional copying results in corrupt copies. Further, an alternate scheme requires the presence of a license on a client workstation for the software to operate.
Many of the aforementioned schemes are typically implemented using “encryption/decryption” of the digital content. Encryption is the conversion of data into an unintelligible form, e.g., ciphertext, that cannot be easily understood by unauthorized users. Decryption is the process of converting encrypted content back into its original form such that the it becomes intelligible. Simple ciphers include the rotation of letters in the alphabet, the substitution of letters for numbers, and the “scrambling” of voice signals by inverting the sideband frequencies. More complex ciphers work according to sophisticated computer algorithms that rearrange the data bits in digital information content.
In order to easily recover the encrypted information content, the correct decryption key is required. The key is an algorithm that decodes the work of the encryption algorithm. The more complex the encryption algorithm, the more difficult it becomes to decode the communications without access to the key. Generally, there are two types of key schemes for encryption/decryption systems, namely (1) Public Key Systems (PKS) or asymmetric systems which utilize two different keys, one for encryption, or signing, and one for decryption, or verifying; and (2) nonpublic key systems that are known as symmetric, or secret key, systems.
Although the use of public or private key can be an effective way to prevent access to digital content, the transfer of keys often requires extensive coordination with the end user. Also, the use of keys in the related art does not always provide flexible licensing arrangements, or an efficient way to handle many instances of different deliverable digital content products.
Therefore, there is a need to resolve the aforementioned problem relating to conventional approaches for protecting digital information particularly with regard to managing the digital rights for off-line distribution of interactive web content and music.
SUMMARY OF THE INVENTION
A system for permitting off-line playback of digital content files, and for managing related content rights. The system comprises a content builder for encrypting the content files to prevent unauthorized access to the files, and a license module for generating a license which authorizes the user to playback the file. Advantageously, the system permits verification of the license while the user is offline, and permits decryption of the content file to permit offline playback of the content files.
In a first embodiment, the system comprises a method for permitting offline playback of a content file on a user computing device upon offline verification of the terms of a license for authorizing the playback of the content file. The method comprises the steps of identifying the license by using one or more information fields within the header, verifying the terms of the license locally on the user computing device while the user is offline, retrieving from the license, a session key for decrypting the content file, retrieving from the license, a segment which is part of the content file, decrypting the content file using the session key to permit playback of the content file for a single session, and combining the segment with the content file to permit playback of the content file.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of a system that provides a content encryption functionality according to the present invention.
FIG. 2 is an exemplary schematic block diagram of a delivery system that functions to deliver encrypted content files for storage within an end user disk.
FIG. 3 is a block diagram of a system for permitting off-line license verification to enable playback of encrypted content files according to the present invention.
FIG. 4 is a block diagram of a system for acquiring a license which authorizes a user to playback a content file.
FIG. 5A is an illustration of a computer system including a display having a display screen.
FIG. 5B illustrates subsystems that might typically be found in a computer such as computer 1.
FIG. 5C is a generalized diagram of a typical communication network.
 DETAILED DESCRIPTION OF THE DIAGRAMS
Overview
A system for enabling the off-line playback of content files by an authorized user system, and for managing the rights to digital content files within a computer network. The system includes a content builder for encrypting the content files to prevent unauthorized access to the files. The system encrypts the files by using one or more keys which are associated with one or more segments of the content file. These keys enable an authorized user to decrypt and playback the content files at a subsequent time. When the keys are received by an end user's system, it retrieves a license from a license server which specifies the rights of the user as it relates to the content files. Therefore, at the very least, one or more keys and a license are required in order for a user to play back a content file. In this manner, the present system manages digital rights pertaining to such content files in accordance with one embodiment of the present invention. As used herein, the term “content” refers to digital information. The present invention will be further understood with reference to the diagrams and descriptions which follow.
Embodiments of the Present Invention
FIG. 1 is a block diagram of system 100 that provides a content encryption functionality according to the present invention.
In FIG. 1, system 100 comprises DRM key module 112 for associating the information contained within a content file with a license, database 102 for storing key sheaves received from content builder 112, content builder module 116 for encrypting one or more digital files, and DRM encoder 110 for coordinating encryption as well as providing a header, without limitation. In a typical content encryption procedure, content builder 116 receives a single unencrypted content file 106 (or multiple unencrypted content files 108) for encryption. Example of content files 106 are musical recordings and audio or video images. Further, content files 106 may be may be from third party sources or directly from the content providers.
When content file 106 is received, content builder 116 utilizes an encryption algorithm to implement the encryption process. In one embodiment, this process is accomplished by segmenting content file 106 into variable segments, each segment being encrypted with a separate key. A “key” may be a variable value that is applied to content file 106 using an algorithm to produce encryption text. A single key or multiple keys having constant or variable lengths may be employed depending on which embodiment is implemented. After the encryption process, the keys are saved in database 102 for later retrieval during the playback process. In an exemplary embodiment, database 102 is an industry standard database system such as Oracle 8™ available from Oracle, Inc.® Content builder 116 also functions to interact with database 102 to create the necessary information to enable the sale, distribution and tracking of the content within system 100.
Advantageously, during the encryption process, content builder 116 removes a portion of content file 106 and in its place inserts a header (not shown), supplied by DRM encoder 110. The removed portion is thereafter added to a license file for authorizing playback of the content file 106. Therefore, the removed portion is considered part of the keys. Depending on the embodiment being implemented, the removed portion may be added to a pre-configured license, the terms of which are predefined. During the playback process, the pre-configured license is then retrieved when its terms are the same as the user's transaction. Alternatively, the removed portion may be saved and later added to a license which is generated on the fly during the playback process. In any event, once the license is obtained, the removed portion is thereafter recombined with the original content portion during the playback process.
Advantageously, removing a portion of content file 106 also provides a measure of extra security as the removed portion of content file 106 remains unavailable until decryption time. Therefore, copying encrypted content to another machine is completely useless without the back binding license. In this manner, the process of seeking a specific location in content file 106 during the decryption process is simplified. The header within content file 106 contains information fields such as the license name, the content file identification, and the license server URL (uniform resource locator).
The license name field enables content file 106 to be associated with the license file (containing the removed content portion). The content identification field identifies the content file 106 while the license server URL points to the address of the license server where the license is generated (or located). Although a multiple-field header is not shown, one of ordinary skill in the art will realize that the header may contain multiple fields for identifying various types of information other than those referenced above.
FIG. 2 is an exemplary schematic block diagram of delivery system 200 that functions to deliver encrypted content 204 files for storage within end user disk 210. After storage, encrypted content 204 may be retrieved when the user desires to playback the files. In FIG. 2, delivery system 200 comprises content server 202 for generating encrypted content 204, interactive web player 212 for playing the content file, and DRM proxy 208 which handles client to server communication. DRM proxy 208 functions to retrieve content 204 from content server 202, using a receipt 206. It should be noted that DRM proxy 208 is separate and apart from content player 212 because frequent modifications to the DRM proxy 208 may be carried out as proves necessary, without modifying other components.
Alternatively, a module which implements the functionality of DRM proxy 208 may be combined with content player 212, in which case, content player 211 functions as single unit that retrieves and plays the encrypted content file. Examples of content players which are currently available on the market are Quicktime 4™ available from Apple Computer, Inc.®, RealPlayer™ available from RealNetworks, Inc.® and Shockwave 7™ available from MacroMedia, Inc.®. Although not shown, one of ordinary skill in the art will realize that various permutations of modules and modes for retrieving encrypted content 204 are possible.
FIG. 3 is a block diagram of system 300 for permitting off-line license verification to enable playback of encrypted content files 304 according to the present invention. In FIG. 3, system 300 comprises a number of components, namely, content server 302 for encrypting and uploading content files 304, content player 308 for enabling playback of the content files, and player module 310 for decoding the encrypted content file.
In operation, after a user consummates a purchase transaction, content files 304 are delivered to and stored on the user's local disk. Of course, along with content files 304, a license (not shown) that grants the rights to play the content is also downloaded and stored within license store 318. At this point, the user may defer playback of the content, until a subsequent time that is convenient. It should be observed that content files 304 as well as the license remain encrypted, and are dynamically decrypted on the fly whenever the user initiates playback.
Upon initiation of the off-line playback process (via a user interface, not shown, for example), content player 308 begins by retrieving a first portion of encrypted content files 304 from the user's local disk. The first portion of the retrieved content file, contains a content header (described in FIG. 1) for identifying a license name, a content identification, or a license server URL among other information. Thereafter, the first portion is handed over to player module 310, which begins to coordinate the decryption of content files 304. Player module 310 contacts DRM core 314 to request a session key for decrypting the content files.
Because the requested key is contained within the license, DRM core 314 must identify the appropriate license. This is accomplished by reading the content header to identify the license name, and the content identification. In an alternate embodiment, when the license is not stored locally, the header may contain the URL of a license server (not shown) wherein the license is located. In addition, license data generator 316 provides DRM core 314 with a machine identification which is unique to the end user's machine for comparison with the header information.
Using all of the obtained information, DRM core 314 retrieves the license from license store 318. DRM core 314 verifies the terms of the license, and retrieves the session key which is contained within the license. Advantageously, the session key is a single session key, meaning that it enables playback of the encrypted files only for a single session. After retrieving the session keys, DRM core 314 passes the key securely back to player module 310. In turn, player module 310 forwards the key and encrypted content files 304 to DRM decoder 312 which executes the decryption process and returns the decrypted files to player module 310. Finally, content player 310 passes the decrypted content files content player 308 for playback. In this manner, the present invention permits license verification while the user is offline.
It should be noted that the preceding steps are only performed for the first portion of encrypted content after which subsequent portions are automatically played back. Further, it should be observed that there are implications for the player module 310 when it hands encrypted content to the decoder module 312, because content is encrypted on a frame-by-frame basis. This makes seeking a specific location and the content a little more difficult and, as such, the decoder module may be provided with API (application programming interface) to aid the caller in dealing with these frames. In this manner, the present invention enables system 300 to upload encrypted content files 304 and play back those content files using a content player module 310. Advantageously, system 300 allows only authorized users to playback content files in accordance with one embodiment.
FIG. 4 is a block diagram of system 400 for acquiring a license which authorizes the user to playback a content file.
In FIG. 4, as shown in an exemplary embodiment, system 400 includes client and server sides 422 and 420. Among other components, client side 422 includes DRM proxy 404 for preparing data for a license request, module 406 for building a license request message, DRM core 408 for obtaining machine specific information from license data generator 410, and license database 412 for storing license files.
In a typical operation, the user purchases content such as music recordings (for example) from the store front at a website (not shown). Numerous websites are available for purchasing various types of digital content including Disney.com®, Sony.com®, and Shockwave.com®, for example. Using a web browser or a program that is capable of posting a web form to server 416, the user initiates the transaction with the appropriate website. The transaction typically involves several round trips to the web site with the transaction concluding with a request for a box file 402. Box file 402 is a file that describes the content requested by the user, and in one embodiment has a .cBox extension.
DRM proxy 404 contains a box file handler and is registered with system 400 as the handler for files with the .cBox extension. When box file 402 is received, DRM proxy 404 directs module 406 to build a license request message for forwarding to license server 416. In one embodiment, this request is in XML (extensible markup language) format. Module 406 queries the machine identification to be included in the license request. Thereafter, DRM proxy 404 starts a network job which sends the license request message to license server 416. License server 416, in one embodiment is a CGI (common gateway interface) program available through license server 416.
Upon receipt of the license request, license server 416 verifies that the content file has been purchased prior to continuing with the processing of the license request. data base 414 contains the terms of the license along with the keys for decrypting the content file. These terms are retrieved and forwarded to license generator 418. It should be observed that a different license generator is implemented for each digital rights management solution being employed on client side 422. License generator 418 generates the license which includes the terms of the license. Also included within the license, are the keys for decrypting the content file.
It should be observed that the content decryption keys are bound to the particular machine located on the client side 422. By way of example, particular information that is unique to the machine such as the machine identification number is bound to the license. In this way, the present invention implements a machine-binding solution which allows digital content playback only on a particular machine. Upon receiving the license from license generator 418, license server 416 forwards the license over the network to DRM proxy 404. In turn, DRM proxy forwards the license to module 406 for DRM-specific processing. DRM core 408 retrieves the license and stores the license within database 412.
Although not shown, the process for retrieving a license may occur subsequent to a purchase transaction such as when the user wishes to play back content offline. Further, license acquisition can also occur when there is no financial transaction involved; for example, when the user requests a trial license. A trial license permits a user to utilize the content files for a specific period after which the trial license expires. Table 1 below illustrates exemplary steps taken by system 400 to acquire a license when there is no financial transaction involved.
TABLE 1
1. A content player (not shown) asks DRM core 408 to play a content.
2. DRM core 408 checks its local store, e.g., license store 412, and finds
there is no valid license available (it finds no license or license
is expired).
3. DRM core 408 fields a license request message with the machine
identification.
4. DRM core 408 invokes DRM proxy 404 to send a license request
message.
5. DRM proxy starts a network job to send a license request message
to license server 416.
6. License server 416 presents a page to collect license terms desired
by the user and supported by system 400 before continuing with the
processing of license request.
7. The terms of the license are collected and sent to data base 414.
8. The license request, along with the terms of the license and keys
for decryption, are retrieved from data base 414 and are dispatched
to license generator 418.
9. The license is generated from the obtained information.
10. The license data is returned to server 416.
11. License data is returned over the network to the DRM proxy 404.
12. DRM proxy 404 passes the license response message to DRM 406
for DRM-specific processing.
13. DRM module 406 via DRM core 408 saves the license data in its
license store 412.
The present invention advantageously separates a portion of the content from the original content file until decryption time to prevent unauthorized content usage. Moreover, licenses are bound to particular machines so that copying the content to a machine other than the authorized machine is futile. The present invention also utilizes a secure data channel in which the content keys are passed in secured format. Code obfuscation is used to hide code that handles decrypted data.
Other advantages include the implementation of the DRM core and the DRM decoder within separate modules to increase the complexity for hackers, and the employment of session key-based on-line license verification to maximize security. In this manner, the system of the present invention manages rights to one or more digital content files within a computer network and limits the playback of such content files to an authorized user. Furthermore, the present invention facilitates distribution and content production, which ultimately results in a shorter product development cycle.
Description of Hardware
FIG. 5A is an illustration of computer system 1 including display 3 having display screen 5. Cabinet 7 houses standard computer components (not shown) such as a disk drive, CDROM drive, display adapter, network card, random access memory (RAM), central processing unit (CPU), and other components, subsystems and devices. User input devices such as mouse 11 having buttons 13, and keyboard 9 are shown. Other user input devices such as a trackball, touch-screen, digitizing tablet, etc. can be used. In general, the computer system is illustrative of but one type of computer system, such as a desktop computer, suitable for use with the present invention. Computers can be configured with many different hardware components and can be made in many dimensions and styles (e.g., laptop, palmtop, pen top, server, workstation, mainframe). Any hardware platform suitable for performing the processing described herein is suitable for use with the present invention.
FIG. 5B illustrates subsystems that might typically be found in a computer such as computer 1.
In FIG. 5B, subsystems within box 20 are directly interfaced to internal bus 22. Such subsystems typically are contained within the computer system such as within cabinet 7 of FIG. 5A. Subsystems include input/output (I/O) controller 24, System Random Access Memory (RAM) 26, Central Processing Unit (CPU) 28, Display Adapter 30, Serial Port 40, Fixed Disk 42 and Network Interface Adapter 44. The use of bus 22 allows each of the subsystems to transfer data among the subsystems and, most importantly, with the CPU. External devices can communicate with the CPU or other subsystems via bus 22 by interfacing with a subsystem on the bus. Monitor 46 connects to the bus through Display Adapter 30. A relative pointing device (RPD) 48 such as a mouse connects through Serial Port 40. Some devices such as Keyboard 50 can communicate with the CPU by direct means without using the main data bus as, for example, via an interrupt controller and associated registers (not shown).
As with the external physical configuration shown in FIG. 5A, many subsystem configurations are possible. FIG. 5B is illustrative of but one suitable configuration. Subsystems, components or devices other than those shown in FIG. 5B can be added. A suitable computer system can be achieved without using all of the subsystems shown in FIG. 5B. For example, a standalone computer need not be coupled to a network so Network Interface 44 would not be required. Other subsystems such as a CDROM drive, graphics accelerator, etc. can be included in the configuration without affecting the performance of the system of the present invention.
FIG. 5C is a generalized diagram of a typical network.
In FIG. 5C, the network system 80 includes several local networks coupled to the Internet. Although specific network protocols, physical layers, topologies, and other network properties are presented herein, the present invention is suitable for use with any network.
In FIG. 5C, computer USER1 is connected to Server1. This connection can be by a network such as Ethernet, Asynchronous Transfer Mode, IEEE standard 1553 bus, modem connection, Universal Serial Bus, etc. The communication link need not be a wire but can be infrared, radio wave transmission, etc. Server1 is coupled to the Internet. The Internet is shown symbolically as a collection of server routers 82. Note that the use of the Internet for distribution or communication of information is not strictly necessary to practice the present invention but is merely used to illustrate a preferred embodiment, below. Further, the use of server computers and the designation of server and client machines is not crucial to an implementation of the present invention. USER1 Computer can be connected directly to the Internet. Server1's connection to the Internet is typically by a relatively high bandwidth transmission medium such as a T1 or T3 line. Similarly, other computers at 84 are shown utilizing a local network at a different location from USER1computer. The computers at 84 are coupled to the Internet via Server2. USER3 and Server3 represent yet a third installation.
Note that the concepts of “client” and “server,” as used in this application and the industry, are very loosely defined and, in fact, are not fixed with respect to machines or software processes executing on the machines. Typically, a server is a machine or process that is providing information to another machine or process, i.e., the “client,” that requests the information. In this respect, a computer or process can be acting as a client at one point in time (because it is requesting information) and can be acting as a server at another point in time (because it is providing information). Some computers are consistently referred to as “servers” because they usually act as a repository for a large amount of information that is often requested. For example, a World Wide Web (WWW, or simply, “Web”) site is often hosted by a server computer with a large storage capacity, high-speed processor and Internet link having the ability to handle many high-bandwidth communication lines.
A server machine will most likely not be manually operated by a human user on a continual basis, but, instead, has software for constantly, and automatically, responding to information requests. On the other hand, some machines, such as desktop computers, are typically thought of as client machines because they are primarily used to obtain information from the Internet for a user operating the machine.
Depending on the specific software executing at any point in time on these machines, the machine may actually be performing the role of a client or server, as the need may be. For example, a user's desktop computer can provide information to another desktop computer. Or a server may directly communicate with another server computer. Sometimes this is characterized as “peer-to-peer,” communication. Although processes of the present invention, and the hardware executing the processes, may be characterized by language common to a discussion of the Internet (e.g., “client,” “server,” “peer”) it should be apparent that software of the present invention can execute on any type of suitable hardware including networks other than the Internet.
Although software of the present invention, may be presented as a single entity, such software is readily able to be executed on multiple machines. That is, there may be multiple instances of a given software program, a single program may be executing on two or more processors in a distributed processing environment, parts of a single program may be executing on different physical machines, etc. Further, two different programs, such as a client and server program, can be executing in a single machine, or in different machines. A single program can be operating as a client for one information transaction and as a server for a different information transaction.
While the above is a complete description of exemplary specific embodiments of the invention, additional embodiments are also possible. Thus, the above description should not be taken as limiting the scope of the invention, which is defined by the appended claims along with their full scope of equivalents.

Claims (15)

1. A method for permitting offline playback of a content file on a user computing device upon offline verification of the terms of a license for authorizing the playback of the content file, the method comprising:
including within the license a segment which is a part of the content file;
upon invoking payback of the content file:
identifying the license by using one or more information fields within a header of said content file;
verifying the terms of the license locally on the riser computing device while the user is offline;
retrieving from the license, a session key for decrypting the content file;
retrieving from the license, the segment which is part of the content file;
decrypting the content file using the session key to enable playback of the content file for a single session; and
combining the segment with the content file to enable playback of the content file.
2. The method of claim 1 further comprising receiving the content file and the license from one or more server computing systems.
3. The method of claim 2 further comprising separating the segment from the content file prior to the step of receiving the content file and the license.
4. The method of claim 2 further comprising combining the segment with the license prior to the step of receiving the content file and the license.
5. The method of claim 2 further comprising binding the license to the user computing device so that the content tile is playable only on the user computing device prior to the step of receiving the content file and the license.
6. The method of claim 1 further comprising replacing the segment with the header in the content file prior to the step of receiving the content file and the license.
7. A method for permitting offline license verification, and for enabling playback of a content file on a user computing device, the method comprising:
receiving the content file from a computing system communicatively coupled to the user computing device, said content file including a header containing one or more information fields;
receiving the license from a computing system communicatively coupled to the user computing device;
identifying the license by using the one or more information fields within said header;
verifying the terms of the license locally on the user computing device while the user is offline;
retrieving from the license, a session key for decrypting the content file;
retrieving from the license, a segment which is part of the content file;
decrypting the content file using the session key to enable playback for a single session; and
combining the segment with the content file to enable playback.
8. The method of claim 7 further comprising separating the first segment from the content file prior to the step of receiving the content file from a computing system.
9. The method of claim 7 further comprising combining the first segment with the license prior to the step of receiving the license from a computing system.
10. The method of claim 7 further comprising storing both the content file and the license within the user computing device to enable future playback of the content file.
11. A system for managing rights to a content file within a computer network, and to permit offline verification of a license for authorizing playback of the content file offline, the system comprising:
a key for decrypting the content file;
a first content portion which is part of the content file;
a license for decrypting the content file, the license containing both the key and the first content portion;
a first computer system for generating the content file, the first computer system further comprising,
software containing one of more instructions for creating a header, said header comprising a first field having identification information,
software containing one or more instructions for generating the key,
software containing one or more instructions for encrypting the content file, and for removing the first content portion from the content file and substituting the header therefor;
a second computer system for receiving the content file from the first computer system and for receiving the license, the second computer system further comprising,
software containing one or more instructions for verifying the terms of the license locally on the second computer system while the user is offline;
software containing one or more instructions for decrypting the content file using the key, upon receipt of the license, and
software containing one or more instructions for combining the first content portion with the content file to enable playback of the content file.
12. A system for managing rights to a content file within a computer network, and to permit offline verification of said rights, the system comprising:
a key for decrypting the content file;
a first content portion which is part of the content file;
a license for decrypting the content file, the license containing both the key and the first content portion;
a first computer system for generating the content file, the first computer system further comprising,
software containing one or more instructions for encrypting the content file, and for removing the first content portion from the content file and substituting a header therefor;
a second computer system for receiving the content file from the first computer system and for receiving the license, the second computer system further comprising,
software containing one or more instructions for identifying the license using the header;
software containing one or more instructions for verifying the terms of the license locally on the second computer system while the user is offline;
software containing one or more instructions for decrypting the content file using the key, to enable playback of the content file while the user is offline; and
software containing one or more instructions for combining the first content portion with the content file to enable playback of the content file.
13. The system of claim 12 wherein the header contains one or more information fields for identifying the license.
14. The system of claim 12 wherein the first computer system has software containing one or more instructions for creating the header.
15. The system of claim 12 wherein first computer system has software containing one or more instructions for generating the key.
US09/739,076 2000-09-12 2000-12-13 System for permitting off-line playback of digital content, and for managing content rights Expired - Fee Related US6915425B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US09/739,076 US6915425B2 (en) 2000-12-13 2000-12-13 System for permitting off-line playback of digital content, and for managing content rights
US11/165,995 US20060021068A1 (en) 2000-09-12 2005-06-27 System for permitting off-line playback of digital content, and for managing content rights

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/739,076 US6915425B2 (en) 2000-12-13 2000-12-13 System for permitting off-line playback of digital content, and for managing content rights

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/165,995 Continuation US20060021068A1 (en) 2000-09-12 2005-06-27 System for permitting off-line playback of digital content, and for managing content rights

Publications (2)

Publication Number Publication Date
US20020108049A1 US20020108049A1 (en) 2002-08-08
US6915425B2 true US6915425B2 (en) 2005-07-05

Family

ID=24970705

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/739,076 Expired - Fee Related US6915425B2 (en) 2000-09-12 2000-12-13 System for permitting off-line playback of digital content, and for managing content rights
US11/165,995 Abandoned US20060021068A1 (en) 2000-09-12 2005-06-27 System for permitting off-line playback of digital content, and for managing content rights

Family Applications After (1)

Application Number Title Priority Date Filing Date
US11/165,995 Abandoned US20060021068A1 (en) 2000-09-12 2005-06-27 System for permitting off-line playback of digital content, and for managing content rights

Country Status (1)

Country Link
US (2) US6915425B2 (en)

Cited By (70)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020156743A1 (en) * 2001-04-24 2002-10-24 Detreville John D. Method and system for detecting pirated content
US20030037006A1 (en) * 2001-08-15 2003-02-20 Fujitsu Limited License transmitting and distributing system under offline environment and method thereof
US20030140243A1 (en) * 2002-01-18 2003-07-24 International Business Machines Corporation System and method for dynamically extending a DRM system using authenticated external DPR modules
US20030208680A1 (en) * 1996-06-28 2003-11-06 Shannon Byrne System for dynamically encrypting content for secure internet commerce and providing embedded fulfillment software
US20040030930A1 (en) * 2001-09-12 2004-02-12 Ryosuke Nomura Content distribution system, content distribution method, and client terminal
US20040039916A1 (en) * 2002-05-10 2004-02-26 David Aldis System and method for multi-tiered license management and distribution using networked clearinghouses
US20040107368A1 (en) * 1998-06-04 2004-06-03 Z4 Technologies, Inc. Method for digital rights management including self activating/self authentication software
US20040117631A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for digital rights management including user/publisher connectivity interface
US20040117663A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for authentication of digital content used or accessed with secondary devices to reduce unauthorized use or distribution
US20040117644A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for reducing unauthorized use of software/digital content including self-activating/self-authenticating software/digital content
US20040117664A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Apparatus for establishing a connectivity platform for digital rights management
US20040117628A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Computer readable storage medium for enhancing license compliance of software/digital content including self-activating/self-authenticating software/digital content
US20040148408A1 (en) * 2003-01-10 2004-07-29 Sbc Properties, L.P. Network based proxy control of content
US20040172533A1 (en) * 2003-02-27 2004-09-02 Microsoft Corporation Tying a digital license to a user and tying the user to multiple computing devices in a digital rights management (DRM) sytem
US20040225894A1 (en) * 1998-06-04 2004-11-11 Z4 Technologies, Inc. Hardware based method for digital rights management including self activating/self authentication software
US20040225524A1 (en) * 2002-01-09 2004-11-11 Innerpresence Networks, Inc. Systems and methods for monitoring the presence of assets within a system and enforcing policies governing assets
US20050038311A1 (en) * 2002-09-11 2005-02-17 Siemens Aktiengesellschaft Device to make expert knowledge accessible for the operation of medical examination devices
US20050044047A1 (en) * 1999-11-29 2005-02-24 Microsoft Corporation Copy detection for digitally-formatted works
US20050091216A1 (en) * 2003-10-23 2005-04-28 Curl Corporation URL system and method for licensing content
US20050102515A1 (en) * 2003-02-03 2005-05-12 Dave Jaworski Controlling read and write operations for digital media
US20050177284A1 (en) * 2003-12-10 2005-08-11 Sony Corporation In-vehicle communication system, communication method therefor, in-vehicle communication terminal, communication method therefor, program recording medium, and program
US20060031222A1 (en) * 2002-12-19 2006-02-09 Uwe Hannsmann Method for providing of content data to a client
US20060053079A1 (en) * 2003-02-03 2006-03-09 Brad Edmonson User-defined electronic stores for marketing digital rights licenses
US20060053080A1 (en) * 2003-02-03 2006-03-09 Brad Edmonson Centralized management of digital rights licensing
US20060107325A1 (en) * 2002-08-14 2006-05-18 Egil Kanestrom Method for creating and processing data streams that contain encrypted and decrypted data
US20060156300A1 (en) * 2003-03-04 2006-07-13 Koninklijke Philips Electronics N.V. Vouching an authorized copy
US20070044157A1 (en) * 2003-05-09 2007-02-22 Nec Corporation Distribution control method and distribution control system for digital information
US20070044137A1 (en) * 2005-08-22 2007-02-22 Bennett James D Audio-video systems supporting merged audio streams
US20070116297A1 (en) * 2005-11-21 2007-05-24 Broadcom Corporation Multiple channel audio system supporting data channel replacement
US20070124251A1 (en) * 2003-10-16 2007-05-31 Sharp Kabushiki Kaisha Content use control device, reording device, reproduction device, recording medium, and content use control method
US20070136608A1 (en) * 2005-12-05 2007-06-14 Microsoft Corporation Off-line economies for digital media
US20070198363A1 (en) * 2006-02-17 2007-08-23 Yahoo! Inc. Method and system for managing pricing structures and delivery channels for rights in files on a network
US20070198492A1 (en) * 2006-02-17 2007-08-23 Yahoo! Inc. Method and system for suggesting prices for rights in files on a network
US20070233568A1 (en) * 2006-03-10 2007-10-04 Provident Intellectual Property, Llc Microtransactions Using Points Over Electronic Networks
US20080114880A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb System for connecting to a network location associated with content
US20080114772A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Method for connecting to a network location associated with content
US20080114995A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Methods for accessing content based on a session ticket
US20080114958A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Apparatuses for binding content to a separate memory device
US20080115224A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Method for allowing multiple users to access preview content
US20080112562A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Methods for linking content with license
US20080114693A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Method for allowing content protected by a first DRM system to be accessed by a second DRM system
US20080175384A1 (en) * 2002-04-22 2008-07-24 Shannon Byrne System for dynamically encrypting content for secure internet commerce and providing embedded fulfillment software
US7454323B1 (en) * 2003-08-22 2008-11-18 Altera Corporation Method for creation of secure simulation models
US20080294561A1 (en) * 2007-05-22 2008-11-27 Microsoft Corporation Media content deciphered when initiated for playback
US20090119379A1 (en) * 2007-11-05 2009-05-07 Sony Electronics Inc. Rendering of multi-media content to near bit accuracy by contractual obligation
US20090313665A1 (en) * 2008-06-17 2009-12-17 Tandberg Television Inc. Digital rights management licensing over third party networks
US20100031310A1 (en) * 2008-08-01 2010-02-04 Dell Products, Lp System and method for roaming protected content backup and distribution
US7748045B2 (en) * 2004-03-30 2010-06-29 Michael Frederick Kenrich Method and system for providing cryptographic document retention with off-line access
US20110007898A1 (en) * 2003-11-07 2011-01-13 Oliver Meyer Method for transferring encrypted useful data objects
US7913311B2 (en) 2001-12-12 2011-03-22 Rossmann Alain Methods and systems for providing access control to electronic data
US7921450B1 (en) 2001-12-12 2011-04-05 Klimenty Vainstein Security system using indirect key generation from access rules and methods therefor
US7921288B1 (en) 2001-12-12 2011-04-05 Hildebrand Hal S System and method for providing different levels of key security for controlling access to secured items
US7921284B1 (en) 2001-12-12 2011-04-05 Gary Mark Kinghorn Method and system for protecting electronic data in enterprise environment
US7930756B1 (en) 2001-12-12 2011-04-19 Crocker Steven Toye Multi-level cryptographic transformations for securing digital assets
US7950066B1 (en) 2001-12-21 2011-05-24 Guardian Data Storage, Llc Method and system for restricting use of a clipboard application
US8006280B1 (en) 2001-12-12 2011-08-23 Hildebrand Hal S Security system for generating keys from access rules in a decentralized manner and methods therefor
US8065713B1 (en) 2001-12-12 2011-11-22 Klimenty Vainstein System and method for providing multi-location access management to secured items
US8127366B2 (en) 2003-09-30 2012-02-28 Guardian Data Storage, Llc Method and apparatus for transitioning between states of security policies used to secure electronic documents
US8176334B2 (en) 2002-09-30 2012-05-08 Guardian Data Storage, Llc Document security system that permits external users to gain access to secured files
US8266674B2 (en) 2001-12-12 2012-09-11 Guardian Data Storage, Llc Method and system for implementing changes to security policies in a distributed security system
US8327138B2 (en) 2003-09-30 2012-12-04 Guardian Data Storage Llc Method and system for securing digital assets using process-driven security policies
USRE43906E1 (en) 2001-12-12 2013-01-01 Guardian Data Storage Llc Method and apparatus for securing digital assets
US20130121489A1 (en) * 2010-05-28 2013-05-16 Florian Pestoni System And Method For Providing Content Protection Of Linearly Consumed Content With A Bidirectional Protocol For License Acquisition
US8543827B2 (en) 2001-12-12 2013-09-24 Intellectual Ventures I Llc Methods and systems for providing access control to secured data
US8707034B1 (en) 2003-05-30 2014-04-22 Intellectual Ventures I Llc Method and system for using remote headers to secure electronic files
US8964972B2 (en) 2008-09-03 2015-02-24 Colin Gavrilenco Apparatus, method, and system for digital content and access protection
US10033700B2 (en) 2001-12-12 2018-07-24 Intellectual Ventures I Llc Dynamic evaluation of access rights
US20190068672A1 (en) * 2003-11-21 2019-02-28 Intel Corporation System And Method For Caching Data
US10360545B2 (en) 2001-12-12 2019-07-23 Guardian Data Storage, Llc Method and apparatus for accessing secured electronic data off-line
US11347785B2 (en) 2005-08-05 2022-05-31 Intel Corporation System and method for automatically managing media content

Families Citing this family (81)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5891646A (en) * 1997-06-05 1999-04-06 Duke University Methods of assaying receptor activity and constructs useful in such methods
DE10155752A1 (en) * 2001-11-14 2003-05-22 Siemens Ag Licensing software modules for industrial controllers, regulators and/or computer systems, involves using software module carrying with it information regarding licensing requirement
DE10023820B4 (en) * 2000-05-15 2006-10-19 Siemens Ag Software protection mechanism
US20070043675A1 (en) * 2000-05-15 2007-02-22 Siemens Aktiengesellschaft Software license manager
US7305560B2 (en) * 2000-12-27 2007-12-04 Proxense, Llc Digital content security system
US6973576B2 (en) 2000-12-27 2005-12-06 Margent Development, Llc Digital content security system
US7472280B2 (en) * 2000-12-27 2008-12-30 Proxense, Llc Digital rights management
US9613483B2 (en) * 2000-12-27 2017-04-04 Proxense, Llc Personal digital key and receiver/decoder circuit system and method
JP2003085321A (en) * 2001-09-11 2003-03-20 Sony Corp System and method for contents use authority control, information processing device, and computer program
US20030145183A1 (en) * 2002-01-31 2003-07-31 Muehring Phillip T. Applications for removable storage
JP4326186B2 (en) * 2002-04-15 2009-09-02 ソニー株式会社 Information processing apparatus and method
US7885896B2 (en) 2002-07-09 2011-02-08 Avaya Inc. Method for authorizing a substitute software license server
US8041642B2 (en) 2002-07-10 2011-10-18 Avaya Inc. Predictive software license balancing
WO2004023276A2 (en) * 2002-08-28 2004-03-18 Matsushita Electric Industrial Co., Ltd. Content-duplication management system, apparatus and method, playback apparatus and method, and computer program
US7681245B2 (en) * 2002-08-30 2010-03-16 Avaya Inc. Remote feature activator feature extraction
US7707116B2 (en) * 2002-08-30 2010-04-27 Avaya Inc. Flexible license file feature controls
US7966520B2 (en) * 2002-08-30 2011-06-21 Avaya Inc. Software licensing for spare processors
US7890997B2 (en) * 2002-12-26 2011-02-15 Avaya Inc. Remote feature activation authentication file system
US7260557B2 (en) * 2003-02-27 2007-08-21 Avaya Technology Corp. Method and apparatus for license distribution
US9665876B2 (en) * 2003-10-23 2017-05-30 Monvini Limited System of publication and distribution of instructional materials and method therefor
US20060265329A1 (en) * 2003-11-21 2006-11-23 Realnetworks System and method for automatically transferring dynamically changing content
US20060259436A1 (en) * 2003-11-21 2006-11-16 Hug Joshua D System and method for relicensing content
US8738537B2 (en) * 2003-11-21 2014-05-27 Intel Corporation System and method for relicensing content
US8098817B2 (en) * 2003-12-22 2012-01-17 Intel Corporation Methods and apparatus for mixing encrypted data with unencrypted data
US20050187879A1 (en) * 2004-02-19 2005-08-25 Microsoft Corporation Persistent license for stored content
WO2005086802A2 (en) 2004-03-08 2005-09-22 Proxense, Llc Linked account system using personal digital key (pdk-las)
US7707405B1 (en) 2004-09-21 2010-04-27 Avaya Inc. Secure installation activation
US7747851B1 (en) 2004-09-30 2010-06-29 Avaya Inc. Certificate distribution via license files
US8229858B1 (en) 2004-09-30 2012-07-24 Avaya Inc. Generation of enterprise-wide licenses in a customer environment
KR100739176B1 (en) * 2004-11-09 2007-07-13 엘지전자 주식회사 System and method for protecting unprotected digital contents
KR100772372B1 (en) * 2004-11-16 2007-11-01 삼성전자주식회사 Method and Apparatus for receiving a broadcast contents
US20070130078A1 (en) * 2005-12-02 2007-06-07 Robert Grzesek Digital rights management compliance with portable digital media device
AU2005319019A1 (en) 2004-12-20 2006-06-29 Proxense, Llc Biometric personal data key (PDK) authentication
US20060218650A1 (en) * 2005-03-25 2006-09-28 Nokia Corporation System and method for effectuating digital rights management in a home network
US8516093B2 (en) 2005-04-22 2013-08-20 Intel Corporation Playlist compilation system and method
US7814022B2 (en) * 2005-06-10 2010-10-12 Aniruddha Gupte Enhanced media method and apparatus for use in digital distribution system
WO2007001285A1 (en) * 2005-06-23 2007-01-04 Thomson Licensing Digital rights management (drm) enabled portable playback device, method and system
US7814023B1 (en) 2005-09-08 2010-10-12 Avaya Inc. Secure download manager
US8646102B2 (en) * 2005-09-16 2014-02-04 Oracle America, Inc. Method and apparatus for issuing rights in a digital rights management system
US8306918B2 (en) 2005-10-11 2012-11-06 Apple Inc. Use of media storage structure with multiple pieces of content in a content-distribution system
US8156563B2 (en) * 2005-11-18 2012-04-10 Sandisk Technologies Inc. Method for managing keys and/or rights objects
JP4564464B2 (en) * 2006-01-05 2010-10-20 株式会社東芝 Digital content playback apparatus, method and program
US11206664B2 (en) 2006-01-06 2021-12-21 Proxense, Llc Wireless network synchronization of cells and client devices on a network
US9113464B2 (en) 2006-01-06 2015-08-18 Proxense, Llc Dynamic cell size variation via wireless link parameter adjustment
US9654456B2 (en) * 2006-02-16 2017-05-16 Oracle International Corporation Service level digital rights management support in a multi-content aggregation and delivery system
US9313248B2 (en) * 2006-04-13 2016-04-12 Johnny Stuart Epstein Method and apparatus for delivering encoded content
US8224751B2 (en) * 2006-05-03 2012-07-17 Apple Inc. Device-independent management of cryptographic information
US7904718B2 (en) 2006-05-05 2011-03-08 Proxense, Llc Personal digital key differentiation for secure transactions
US7836511B2 (en) * 2006-06-14 2010-11-16 Microsoft Corporation Enforcing advertisement playback for downloaded media content
US7975310B2 (en) * 2006-06-14 2011-07-05 Microsoft Corporation Offline playback of advertising supported media
US20070294292A1 (en) * 2006-06-14 2007-12-20 Microsoft Corporation Advertising transfer and playback on portable devices
US7720765B1 (en) * 2006-07-20 2010-05-18 Vatari Corporation System and method for using digital strings to provide secure distribution of digital content
US7883003B2 (en) 2006-11-13 2011-02-08 Proxense, Llc Tracking system using personal digital key groups
US9269221B2 (en) 2006-11-13 2016-02-23 John J. Gobbi Configuration of interfaces for a location detection system and application
US8190918B2 (en) * 2006-11-13 2012-05-29 Disney Enterprises, Inc. Interoperable digital rights management
CN101192218A (en) * 2006-11-23 2008-06-04 国际商业机器公司 Method, device and system for providing and obtaining network content
US7936873B2 (en) * 2007-05-07 2011-05-03 Apple Inc. Secure distribution of content using decryption keys
US8347098B2 (en) * 2007-05-22 2013-01-01 Apple Inc. Media storage structures for storing content, devices for using such structures, systems for distributing such structures
US9311492B2 (en) 2007-05-22 2016-04-12 Apple Inc. Media storage structures for storing content, devices for using such structures, systems for distributing such structures
US8659427B2 (en) 2007-11-09 2014-02-25 Proxense, Llc Proximity-sensor supporting multiple application services
US8171528B1 (en) 2007-12-06 2012-05-01 Proxense, Llc Hybrid device having a personal digital key and receiver-decoder circuit and methods of use
US9251332B2 (en) 2007-12-19 2016-02-02 Proxense, Llc Security system and method for controlling access to computing resources
WO2009102979A2 (en) 2008-02-14 2009-08-20 Proxense, Llc Proximity-based healthcare management system with automatic access to private information
WO2009126732A2 (en) 2008-04-08 2009-10-15 Proxense, Llc Automated service-based order processing
US8837908B2 (en) * 2009-01-06 2014-09-16 Cyberlink Corp. Systems and methods for performing secure playback of media content
US8904191B2 (en) * 2009-01-21 2014-12-02 Microsoft Corporation Multiple content protection systems in a file
US8869289B2 (en) * 2009-01-28 2014-10-21 Microsoft Corporation Software application verification
US20100241855A1 (en) * 2009-03-17 2010-09-23 Cyberlink Corp. Systems and Methods for Secure Execution of Code Using a Hardware Protection Module
US8171565B2 (en) * 2009-08-18 2012-05-01 Condel International Technologies Inc. Systems and methods for locally generating license and activating DRM agent
JP5428685B2 (en) 2009-09-11 2014-02-26 株式会社リコー License introduction support device, license introduction support method, and license introduction support program
US9418205B2 (en) 2010-03-15 2016-08-16 Proxense, Llc Proximity-based system for automatic application or data access and item tracking
EP2388724A1 (en) * 2010-05-17 2011-11-23 ST-Ericsson SA Method and device for communicating digital content
US9322974B1 (en) 2010-07-15 2016-04-26 Proxense, Llc. Proximity-based system for object tracking
US8857716B1 (en) 2011-02-21 2014-10-14 Proxense, Llc Implementation of a proximity-based system for object tracking and automatic application initialization
KR101311287B1 (en) * 2012-02-21 2013-09-25 주식회사 파수닷컴 Apparatus and method for generating e-book, and apparatus and method for verifying e-book integrity
US9805350B2 (en) * 2012-07-16 2017-10-31 Infosys Limited System and method for providing access of digital contents to offline DRM users
US9405898B2 (en) 2013-05-10 2016-08-02 Proxense, Llc Secure element as a digital pocket
US10579325B2 (en) 2014-01-03 2020-03-03 061428 Corp. Method and system for playback of audio content using wireless mobile device
US9537913B2 (en) * 2014-01-03 2017-01-03 Yonder Music Inc. Method and system for delivery of audio content for use on wireless mobile device
US20170352115A1 (en) * 2016-06-01 2017-12-07 Kony Inc. Mobile application licensing tool
US20210390645A1 (en) * 2020-06-16 2021-12-16 OSAAP America, LLC Offline License Distribution Device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5673316A (en) * 1996-03-29 1997-09-30 International Business Machines Corporation Creation and distribution of cryptographic envelope

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5093914A (en) * 1989-12-15 1992-03-03 At&T Bell Laboratories Method of controlling the execution of object-oriented programs
US5222134A (en) * 1990-11-07 1993-06-22 Tau Systems Corporation Secure system for activating personal computer software at remote locations
US5530752A (en) * 1994-02-22 1996-06-25 Convex Computer Corporation Systems and methods for protecting software from unlicensed copying and use
US6343280B2 (en) * 1998-12-15 2002-01-29 Jonathan Clark Distributed execution software license server

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5673316A (en) * 1996-03-29 1997-09-30 International Business Machines Corporation Creation and distribution of cryptographic envelope

Cited By (117)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7356847B2 (en) 1996-06-28 2008-04-08 Protexis, Inc. System for dynamically encrypting content for secure internet commerce and providing embedded fulfillment software
US20110010299A1 (en) * 1996-06-28 2011-01-13 Shannon Lee Byrne System for dynamically encrypting content for secure internet commerce and providing embedded fulfillment software
US20030208680A1 (en) * 1996-06-28 2003-11-06 Shannon Byrne System for dynamically encrypting content for secure internet commerce and providing embedded fulfillment software
US20040117664A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Apparatus for establishing a connectivity platform for digital rights management
US20040225894A1 (en) * 1998-06-04 2004-11-11 Z4 Technologies, Inc. Hardware based method for digital rights management including self activating/self authentication software
US20040117628A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Computer readable storage medium for enhancing license compliance of software/digital content including self-activating/self-authenticating software/digital content
US20040107368A1 (en) * 1998-06-04 2004-06-03 Z4 Technologies, Inc. Method for digital rights management including self activating/self authentication software
US20040117631A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for digital rights management including user/publisher connectivity interface
US20040117663A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for authentication of digital content used or accessed with secondary devices to reduce unauthorized use or distribution
US20040117644A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for reducing unauthorized use of software/digital content including self-activating/self-authenticating software/digital content
US7177845B2 (en) 1999-11-29 2007-02-13 Microsoft Corporation Copy detection for digitally-formatted works
US20050044047A1 (en) * 1999-11-29 2005-02-24 Microsoft Corporation Copy detection for digitally-formatted works
US7228293B2 (en) 1999-11-29 2007-06-05 Microsoft Corporation Copy detection for digitally-formatted works
US20020156743A1 (en) * 2001-04-24 2002-10-24 Detreville John D. Method and system for detecting pirated content
US7424747B2 (en) * 2001-04-24 2008-09-09 Microsoft Corporation Method and system for detecting pirated content
US7191155B2 (en) * 2001-08-15 2007-03-13 Fujitsu Limited License transmitting and distributing system under offline environment and method thereof
US20030037006A1 (en) * 2001-08-15 2003-02-20 Fujitsu Limited License transmitting and distributing system under offline environment and method thereof
US20090276634A1 (en) * 2001-09-12 2009-11-05 Sony Corporation Content distribution system, content distribution method, and client terminal
US8417957B2 (en) * 2001-09-12 2013-04-09 Sony Corporation Content distribution system, content distribution method, and client terminal
US20130174276A1 (en) * 2001-09-12 2013-07-04 Sony Corporation Content distribution system, content distribution method, and client terminal
US8813241B2 (en) * 2001-09-12 2014-08-19 Sony Corporation Content distribution system, content distribution method, and client terminal
US20120203907A1 (en) * 2001-09-12 2012-08-09 Sony Corporation Content distribution system, content distribution method, and client terminal
US9686260B2 (en) 2001-09-12 2017-06-20 Sony Corporation Client distribution system, content distribution method, and client terminal
US7600262B2 (en) * 2001-09-12 2009-10-06 Sony Corporation Content distribution system, content distribution method, and client terminal
US8166564B2 (en) * 2001-09-12 2012-04-24 Sony Corporation Content distribution system, content distribution method, and client terminal
US20040030930A1 (en) * 2001-09-12 2004-02-12 Ryosuke Nomura Content distribution system, content distribution method, and client terminal
US10769288B2 (en) 2001-12-12 2020-09-08 Intellectual Property Ventures I Llc Methods and systems for providing access control to secured data
US8918839B2 (en) 2001-12-12 2014-12-23 Intellectual Ventures I Llc System and method for providing multi-location access management to secured items
US7921288B1 (en) 2001-12-12 2011-04-05 Hildebrand Hal S System and method for providing different levels of key security for controlling access to secured items
US7921450B1 (en) 2001-12-12 2011-04-05 Klimenty Vainstein Security system using indirect key generation from access rules and methods therefor
US7913311B2 (en) 2001-12-12 2011-03-22 Rossmann Alain Methods and systems for providing access control to electronic data
US10229279B2 (en) 2001-12-12 2019-03-12 Intellectual Ventures I Llc Methods and systems for providing access control to secured data
US10033700B2 (en) 2001-12-12 2018-07-24 Intellectual Ventures I Llc Dynamic evaluation of access rights
US7930756B1 (en) 2001-12-12 2011-04-19 Crocker Steven Toye Multi-level cryptographic transformations for securing digital assets
US8266674B2 (en) 2001-12-12 2012-09-11 Guardian Data Storage, Llc Method and system for implementing changes to security policies in a distributed security system
US9542560B2 (en) 2001-12-12 2017-01-10 Intellectual Ventures I Llc Methods and systems for providing access control to secured data
US9129120B2 (en) 2001-12-12 2015-09-08 Intellectual Ventures I Llc Methods and systems for providing access control to secured data
US8341407B2 (en) 2001-12-12 2012-12-25 Guardian Data Storage, Llc Method and system for protecting electronic data in enterprise environment
USRE43906E1 (en) 2001-12-12 2013-01-01 Guardian Data Storage Llc Method and apparatus for securing digital assets
US8341406B2 (en) 2001-12-12 2012-12-25 Guardian Data Storage, Llc System and method for providing different levels of key security for controlling access to secured items
US7921284B1 (en) 2001-12-12 2011-04-05 Gary Mark Kinghorn Method and system for protecting electronic data in enterprise environment
US8006280B1 (en) 2001-12-12 2011-08-23 Hildebrand Hal S Security system for generating keys from access rules in a decentralized manner and methods therefor
US8065713B1 (en) 2001-12-12 2011-11-22 Klimenty Vainstein System and method for providing multi-location access management to secured items
US10360545B2 (en) 2001-12-12 2019-07-23 Guardian Data Storage, Llc Method and apparatus for accessing secured electronic data off-line
US8543827B2 (en) 2001-12-12 2013-09-24 Intellectual Ventures I Llc Methods and systems for providing access control to secured data
US7950066B1 (en) 2001-12-21 2011-05-24 Guardian Data Storage, Llc Method and system for restricting use of a clipboard application
US20040225524A1 (en) * 2002-01-09 2004-11-11 Innerpresence Networks, Inc. Systems and methods for monitoring the presence of assets within a system and enforcing policies governing assets
US7712146B2 (en) 2002-01-18 2010-05-04 International Business Machines Corporation System and method for dynamically extending a DRM system using authenticated external DPR modules
US20070208742A1 (en) * 2002-01-18 2007-09-06 International Business Machines Corporation System and method for dynamically extending a drm system using authenticated external dpr modules
US7093296B2 (en) * 2002-01-18 2006-08-15 International Business Machines Corporation System and method for dynamically extending a DRM system using authenticated external DPR modules
US20030140243A1 (en) * 2002-01-18 2003-07-24 International Business Machines Corporation System and method for dynamically extending a DRM system using authenticated external DPR modules
US8943316B2 (en) 2002-02-12 2015-01-27 Intellectual Ventures I Llc Document security system that permits external users to gain access to secured files
US20080175384A1 (en) * 2002-04-22 2008-07-24 Shannon Byrne System for dynamically encrypting content for secure internet commerce and providing embedded fulfillment software
US7770230B2 (en) 2002-04-22 2010-08-03 Arvato Digital Services Canada, Inc. System for dynamically encrypting content for secure internet commerce and providing embedded fulfillment software
US20040039916A1 (en) * 2002-05-10 2004-02-26 David Aldis System and method for multi-tiered license management and distribution using networked clearinghouses
US20060107325A1 (en) * 2002-08-14 2006-05-18 Egil Kanestrom Method for creating and processing data streams that contain encrypted and decrypted data
US20050038311A1 (en) * 2002-09-11 2005-02-17 Siemens Aktiengesellschaft Device to make expert knowledge accessible for the operation of medical examination devices
US7640172B2 (en) * 2002-09-11 2009-12-29 Siemens Aktiengesellschaft Device to make expert knowledge accessible for the operation of medical examination devices
US8176334B2 (en) 2002-09-30 2012-05-08 Guardian Data Storage, Llc Document security system that permits external users to gain access to secured files
USRE47443E1 (en) 2002-09-30 2019-06-18 Intellectual Ventures I Llc Document security system that permits external users to gain access to secured files
US20060031222A1 (en) * 2002-12-19 2006-02-09 Uwe Hannsmann Method for providing of content data to a client
US8856072B2 (en) 2002-12-19 2014-10-07 International Business Machines Corporation Method for providing of content data to a client
US20040148408A1 (en) * 2003-01-10 2004-07-29 Sbc Properties, L.P. Network based proxy control of content
US7725582B2 (en) * 2003-01-10 2010-05-25 At & T Intellectual Property I, L.P. Network based proxy control of content
US20060053079A1 (en) * 2003-02-03 2006-03-09 Brad Edmonson User-defined electronic stores for marketing digital rights licenses
US20060053080A1 (en) * 2003-02-03 2006-03-09 Brad Edmonson Centralized management of digital rights licensing
US20050102515A1 (en) * 2003-02-03 2005-05-12 Dave Jaworski Controlling read and write operations for digital media
US7318236B2 (en) * 2003-02-27 2008-01-08 Microsoft Corporation Tying a digital license to a user and tying the user to multiple computing devices in a digital rights management (DRM) system
US20040172533A1 (en) * 2003-02-27 2004-09-02 Microsoft Corporation Tying a digital license to a user and tying the user to multiple computing devices in a digital rights management (DRM) sytem
US20060156300A1 (en) * 2003-03-04 2006-07-13 Koninklijke Philips Electronics N.V. Vouching an authorized copy
US20070044157A1 (en) * 2003-05-09 2007-02-22 Nec Corporation Distribution control method and distribution control system for digital information
US8707034B1 (en) 2003-05-30 2014-04-22 Intellectual Ventures I Llc Method and system for using remote headers to secure electronic files
US7454323B1 (en) * 2003-08-22 2008-11-18 Altera Corporation Method for creation of secure simulation models
US8739302B2 (en) 2003-09-30 2014-05-27 Intellectual Ventures I Llc Method and apparatus for transitioning between states of security policies used to secure electronic documents
US8327138B2 (en) 2003-09-30 2012-12-04 Guardian Data Storage Llc Method and system for securing digital assets using process-driven security policies
US8127366B2 (en) 2003-09-30 2012-02-28 Guardian Data Storage, Llc Method and apparatus for transitioning between states of security policies used to secure electronic documents
US20070124251A1 (en) * 2003-10-16 2007-05-31 Sharp Kabushiki Kaisha Content use control device, reording device, reproduction device, recording medium, and content use control method
US8108314B2 (en) * 2003-10-16 2012-01-31 Sharp Kabushiki Kaisha Content use control device, recording device, reproduction device, recording medium, and content use control method
US20050091216A1 (en) * 2003-10-23 2005-04-28 Curl Corporation URL system and method for licensing content
US7516147B2 (en) * 2003-10-23 2009-04-07 Sumisho Computer Systems Corporation URL system and method for licensing content
US8762282B2 (en) * 2003-11-07 2014-06-24 Siemens Aktiengesellschaft Method for transferring encrypted useful data objects
US20110007898A1 (en) * 2003-11-07 2011-01-13 Oliver Meyer Method for transferring encrypted useful data objects
US20190068672A1 (en) * 2003-11-21 2019-02-28 Intel Corporation System And Method For Caching Data
US20050177284A1 (en) * 2003-12-10 2005-08-11 Sony Corporation In-vehicle communication system, communication method therefor, in-vehicle communication terminal, communication method therefor, program recording medium, and program
US7933412B2 (en) * 2003-12-10 2011-04-26 Sony Corporation In-vehicle communication system and method therefor, in-vehicle communication terminal, communication method therefor, program recording medium, and program
US7748045B2 (en) * 2004-03-30 2010-06-29 Michael Frederick Kenrich Method and system for providing cryptographic document retention with off-line access
US11347785B2 (en) 2005-08-05 2022-05-31 Intel Corporation System and method for automatically managing media content
US11544313B2 (en) 2005-08-05 2023-01-03 Intel Corporation System and method for transferring playlists
US20070044137A1 (en) * 2005-08-22 2007-02-22 Bennett James D Audio-video systems supporting merged audio streams
US9049530B2 (en) 2005-11-21 2015-06-02 Broadcom Corporation Multiple channel audio system supporting data channel replacement
US20070116297A1 (en) * 2005-11-21 2007-05-24 Broadcom Corporation Multiple channel audio system supporting data channel replacement
US8027485B2 (en) 2005-11-21 2011-09-27 Broadcom Corporation Multiple channel audio system supporting data channel replacement
US20070136608A1 (en) * 2005-12-05 2007-06-14 Microsoft Corporation Off-line economies for digital media
US7818811B2 (en) * 2005-12-05 2010-10-19 Microsoft Corporation Off-line economies for digital media
US20070198363A1 (en) * 2006-02-17 2007-08-23 Yahoo! Inc. Method and system for managing pricing structures and delivery channels for rights in files on a network
US20070198492A1 (en) * 2006-02-17 2007-08-23 Yahoo! Inc. Method and system for suggesting prices for rights in files on a network
WO2007098452A1 (en) * 2006-02-17 2007-08-30 Yahoo! Inc. Method and system for suggesting prices for rights in files on a network
US20070233568A1 (en) * 2006-03-10 2007-10-04 Provident Intellectual Property, Llc Microtransactions Using Points Over Electronic Networks
US20080114995A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Methods for accessing content based on a session ticket
US8533807B2 (en) 2006-11-14 2013-09-10 Sandisk Technologies Inc. Methods for accessing content based on a session ticket
US20080114880A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb System for connecting to a network location associated with content
US8079071B2 (en) 2006-11-14 2011-12-13 SanDisk Technologies, Inc. Methods for accessing content based on a session ticket
US8763110B2 (en) 2006-11-14 2014-06-24 Sandisk Technologies Inc. Apparatuses for binding content to a separate memory device
US20080114772A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Method for connecting to a network location associated with content
US8327454B2 (en) 2006-11-14 2012-12-04 Sandisk Technologies Inc. Method for allowing multiple users to access preview content
US20080114693A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Method for allowing content protected by a first DRM system to be accessed by a second DRM system
US20080114958A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Apparatuses for binding content to a separate memory device
US20080112562A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Methods for linking content with license
US20080115224A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Method for allowing multiple users to access preview content
US20080294561A1 (en) * 2007-05-22 2008-11-27 Microsoft Corporation Media content deciphered when initiated for playback
US20090119379A1 (en) * 2007-11-05 2009-05-07 Sony Electronics Inc. Rendering of multi-media content to near bit accuracy by contractual obligation
US20090313665A1 (en) * 2008-06-17 2009-12-17 Tandberg Television Inc. Digital rights management licensing over third party networks
US8949925B2 (en) 2008-08-01 2015-02-03 Dell Products, Lp System and method for roaming protected content backup and distribution
US20100031310A1 (en) * 2008-08-01 2010-02-04 Dell Products, Lp System and method for roaming protected content backup and distribution
US8964972B2 (en) 2008-09-03 2015-02-24 Colin Gavrilenco Apparatus, method, and system for digital content and access protection
US20130121489A1 (en) * 2010-05-28 2013-05-16 Florian Pestoni System And Method For Providing Content Protection Of Linearly Consumed Content With A Bidirectional Protocol For License Acquisition
US8789196B2 (en) * 2010-05-28 2014-07-22 Adobe Systems Incorporated System and method for providing content protection of linearly consumed content with a bidirectional protocol for license acquisition

Also Published As

Publication number Publication date
US20060021068A1 (en) 2006-01-26
US20020108049A1 (en) 2002-08-08

Similar Documents

Publication Publication Date Title
US6915425B2 (en) System for permitting off-line playback of digital content, and for managing content rights
WO2002023315A2 (en) System for managing rights and permitting on-line playback of digital content
US11727376B2 (en) Use of media storage structure with multiple pieces of content in a content-distribution system
US8407466B2 (en) Controlling download and playback of media content
US5889860A (en) Encryption system with transaction coded decryption key
AU2001253243B2 (en) Secure digital content licensing system and method
KR100971854B1 (en) Systems and methods for providing secure server key operations
US7155415B2 (en) Secure digital content licensing system and method
JP4750352B2 (en) How to get a digital license for digital content
US7376624B2 (en) Secure communication and real-time watermarking using mutating identifiers
US7975312B2 (en) Token passing technique for media playback devices
KR100689648B1 (en) Method, apparatus and system for securely providing material to a licensee of the material
US20040019801A1 (en) Secure content sharing in digital rights management
AU2001253243A1 (en) Secure digital content licensing system and method
JP2004054937A (en) Method for obtaining signed right label (srl) for digital content in digital right management system by using right template
WO2006070330A1 (en) Method and apparatus for digital content management
JP2002204228A (en) Device and method for distributing contents, and program and device for downloading contents
JP2005507195A (en) Apparatus and method for accessing material using entity-locked secure registry
JP2001273264A (en) Information transmitting/receiving system, server computer and recording medium
JP2001022755A (en) Retrieving processing method for job data

Legal Events

Date Code Title Description
AS Assignment

Owner name: PREVIEW SYSTEMS, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:XU, BIN;LI, WEIJUN;SMITH, KYLE;AND OTHERS;REEL/FRAME:011638/0976;SIGNING DATES FROM 20010131 TO 20010208

AS Assignment

Owner name: ALADDIN KNOWLEDGE SYSTEMS, LTD., ISRAEL

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PREVIEW SYSTEMS, INC.;REEL/FRAME:012527/0189

Effective date: 20011101

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Free format text: PAT HOLDER NO LONGER CLAIMS SMALL ENTITY STATUS, ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: STOL); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERA

Free format text: FIRST LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:ALLADDIN KNOWLEDGE SYSTEMS LTD.;REEL/FRAME:024892/0677

Effective date: 20100826

AS Assignment

Owner name: DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERA

Free format text: SECOND LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:ALLADDIN KNOWLEDGE SYSTEMS LTD.;REEL/FRAME:024900/0702

Effective date: 20100826

AS Assignment

Owner name: SAFENET DATA SECURITY (ISRAEL) LTD., ISRAEL

Free format text: CHANGE OF NAME;ASSIGNOR:ALADDIN KNOWLEDGE SYSTEMS LTD.;REEL/FRAME:025848/0923

Effective date: 20101119

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Free format text: PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 8

SULP Surcharge for late payment

Year of fee payment: 7

AS Assignment

Owner name: ALADDIN KNOWLEDGE SYSTEMS LTD, MARYLAND

Free format text: SECOND LIEN PATENT SECURITY AGREEMENT RELEASE;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERAL AGENT;REEL/FRAME:032437/0341

Effective date: 20140305

Owner name: ALADDIN KNOWLEDGE SYSTEMS LTD, MARYLAND

Free format text: FIRST LIEN PATENT SECURITY AGREEMENT RELEASE;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS, AS COLLATERAL AGENT;REEL/FRAME:032437/0257

Effective date: 20140305

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees
STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20170705